Imports enable a Sentinel policy to access reusable libraries and external
data and functions. The exact list of available imports is dependent on the
host system. Host systems may also make the available imports configurable
via plugins.

Imports are extremely powerful. They enable policy decision based on arbitrary
external information. For example, a behavior coming into a system can be
allowed or denied based on information from a separate system where the two
systems can be unaware of each other.

The example below shows a concrete example. For the example, imagine that
the import calendar allows access to engineer calendars. This import
only exists for the purpose of this example and at the time of writing is
not a real available import.

import"calendar"// Get the calendar for Bob for today
bob_calendar=calendar.for("bob").today// Allow this policy to pass if Bob is not on vacation.
main=rule{notbob_calendar.has_event("vacation")}

This example shows an import being used to deny a behavior if Bob is on
vacation. Hopefully real policies do not depend on a single person being
in the office, but the example shows the power of imports.

Whether accessing a built-in library or an external plugin, the syntax
for an import is the same:

import "name"

This adds the import with the name name. It can be referenced using
the identifier name. For example, if the import above exposed first
and last name data, you could access it via name.first or name.last.

You can shadow imports by assigning a variable. In the example below,
the import name becomes unavailable within the function because it is
shadowed by a variable of the same name.

Shadowing an import is not the same as overwriting a variable. Imports
are not part of the scope, meaning that
the shadow only exists for the scope it is created within. For everything
else, the import works even after it is shadowed. The example below shows that
as well.

Imports are accessed with dot-separated identifiers, such as name.first or
name.stage.first. These are called selector expressions. An import may
return nested data that further can be accessed via selector expressions.

In the first example on this page with the "calendar" import, we see this: